R3102-R3103-HP 6600/HSR6600 Routers Layer 3 - IP Services Command Reference
134
vpn-instance global-name: Specifies the MPLS L3VPN to which the advertised external network address
belongs. The global-name argument is a case-sensitive string of 1 to 31 characters. Without this option,
the advertised external IP address does not belong to any VPN.
vpn-instance local-name: Specifies the MPLS L3VPN to which the internal server belongs. The local-name
argument is a case-sensitive string of 1 to 31 characters. Without this parameter, the internal server does
not belong to any VPN.
track vrrp virtual-router-id: Associates the internal server with a VRRP group. The virtual-router-id
argument indicates the number of the VRRP group to be associated. Without this option specified, no
VRRP group is associated.
Usage guidelines
Using the address and port defined by the global-address and global-port parameters, external users
can access the internal server with an IP address of local-address and a port of local-port.
If one of the two arguments global-port and local-port is set to any, the other must also be any or remain
undefined.
Using this command, you can configure internal servers (such as Web, FTP, Telnet, POP3, and DNS
servers) to provide services for external users. An internal server can reside in an internal network or an
MPLS VPN.
You can configure a maximum of 256 internal server configuration commands on an interface. The
number of internal servers that each command can define equals the difference between global-port2
and global-port1. Up to 4096 internal servers can be configured on an interface. The system allows up
to 1024 internal server configuration commands.
In general, this command is configured on an interface that serves as the egress of an internal network
and connects to the external network.
The device supports using an interface address as the external IP address of an internal server, which is
Easy IP. If you specify the current-interface keyword, the internal server uses the current primary IP
address of the current interface. If you use interface { interface-type interface-number } to specify an
interface, the interface must be an existing loopback interface and the current primary IP address of the
loopback interface is used.
HP recommends that if an internal server using Easy IP is configured on the current interface, the IP
address of this interface should not be configured as the external address of another internal server, and
vice versa. This is because that the interface address that is referenced by the internal server using Easy
IP serves as the external address of the internal server.
In stateful failover networking, make sure you associate the public address of an internal server on an
interface with one VRRP group only. Otherwise, the system associates the public address with the VRRP
group having the highest group ID.
When the protocol type is not udp (with a protocol number of 17) or tcp (with a protocol number of 6),
you can configure one-to-one NAT between an internal IP address and an external IP address only, but
cannot specify port numbers.
Examples
# Allow external users to access the internal Web server 10.110.10.10 on the LAN through
http://202.110.10.10:8080, and the internal FTP server 10.110.10.11 in MPLS VPN vrf10
through ftp://202.110
.10.10 /. Assume that the interface Serial 2/1/0 is connected to the external
network.
<Sysname> system-view
[Sysname] interface serial 2/1/0